<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
    <meta charset="UTF-8"/>
    <link rel="shortcut icon" href="../../public/favicon.ico" th:href="@{/favicon.ico}"/>

    <title>客户端[RP] . MyOIDC</title>

    <th:block th:include="fragment/header :: public-css"/>
</head>
<body>

<div th:replace="fragment/header :: public-header"/>

<div class="container">
    <h2>添加客户端</h2>
    <p class="help-block">
        若对<code>client_details</code>中的属性及作用不清楚,
        建议你先查看项目中的<code>db_table_description.html</code>文件(位于static目录)中对表<code>oauth_client_details</code>的说明,
        或在线访问<a th:href="@{'/static/api/MyOIDC_API-1.1.0.html'}" target="_blank">db_table_description.html</a>;
        添加客户端[RP]实际上是向该表中按不同的条件添加数据.
    </p>
    <div class="alert alert-warning" role="alert">
        <strong class="text-danger">注意: </strong> 由于client_secret 会加密存储, 请先复制并保留client_secret值, 添加成功后不会再显示
    </div>

    <form class="form-horizontal" th:action="@{''}" method="post" th:object="${formDto}">
        <div class="form-group">
            <label class="col-sm-2 control-label">client_id<em class="text-danger">*</em></label>

            <div class="col-sm-10">
                <input th:field="*{clientId}" name="clientId" class="form-control" placeholder="client_id"
                       required="required" minlength="10"
                       type="text" value=""/>

                <p class="help-block">client_id必须输入,且必须唯一,长度至少10位; 在实际应用中的另一个名称叫appKey,与client_id是同一个概念.</p>
            </div>
        </div>
        <div class="form-group">
            <label class="col-sm-2 control-label">client_secret<em
                    class="text-danger">*</em></label>

            <div class="col-sm-10">
                <input th:field="*{clientSecret}" name="clientSecret" class="form-control" placeholder="client_secret"
                       required="required" type="text" value="" minlength="10"/>

                <p class="help-block">client_secret必须输入,且长度至少10位; 在实际应用中的另一个名称叫appSecret,与client_secret是同一个概念.
                </p>
            </div>
        </div>
        <div class="form-group">
            <label for="resourceIds" class="col-sm-2 control-label">resource_ids<em
                    class="text-danger">*</em></label>

            <div class="col-sm-10">
                <select id="resourceIds" name="resourceIds" class="form-control" readonly="true">
                    <option value="myoidc-resource">myoidc-resource</option>
                </select>

                <p class="help-block">resourceIds固定值, <code>OAuth2ServerConfiguration.java</code>中配置</p>
            </div>
        </div>

        <div class="form-group">
            <label for="scope" class="col-sm-2 control-label">scope<em class="text-danger">*</em></label>

            <div class="col-sm-10">
                <select id="scope" th:field="*{scope}" name="scope" class="form-control">
                    <option value="openid">openid</option>
                    <option value="read">read</option>
                    <option value="write">write</option>
                    <option value="read,write">read,write</option>
                    <option value="read,openid">read,openid</option>
                </select>

                <p class="help-block">scope必须选择</p>
            </div>
        </div>

        <div class="form-group">
            <label class="col-sm-2 control-label">grant_type(s)<em class="text-danger">*</em></label>

            <div class="col-sm-10">
                <label class="checkbox-inline">
                    <input type="checkbox" name="authorizedGrantTypes" th:field="*{authorizedGrantTypes}"
                           value="authorization_code"/>
                    authorization_code
                </label>
                <label class="checkbox-inline">
                    <input type="checkbox" name="authorizedGrantTypes" th:field="*{authorizedGrantTypes}"
                           value="password"/>
                    password
                </label>
                <label class="checkbox-inline">
                    <input type="checkbox" name="authorizedGrantTypes" th:field="*{authorizedGrantTypes}"
                           value="implicit"/>
                    implicit
                </label>
                <label class="checkbox-inline">
                    <input type="checkbox" name="authorizedGrantTypes" th:field="*{authorizedGrantTypes}"
                           value="client_credentials"/>
                    client_credentials
                </label>
                <label class="checkbox-inline">
                    <input type="checkbox" name="authorizedGrantTypes" th:field="*{authorizedGrantTypes}"
                           value="refresh_token"/>
                    refresh_token
                </label>

                <p class="help-block">至少勾选一项grant_type(s), 且不能只单独勾选<code>refresh_token</code>, 若需更多帮助请访问 <a
                        href="http://andaily.com/blog/?p=103"
                        target="_blank">http://andaily.com/blog/?p=103</a></p>
            </div>
        </div>

        <div class="form-group">
            <label for="webServerRedirectUri" class="col-sm-2 control-label">redirect_uri<em class="text-danger">*</em></label>

            <div class="col-sm-10">
                <input id="webServerRedirectUri" th:field="*{webServerRedirectUri}" name="webServerRedirectUri"
                       class="form-control" required="required"
                       placeholder="https://..." type="text" value=""/>

                <p class="help-block">当<code>grant_type</code>包括<em>authorization_code</em>或<em>implicit</em>时会使用redirect_uri
                </p>
            </div>
        </div>

        <div class="form-group">
            <label for="authorities" class="col-sm-2 control-label">authorities</label>

            <div class="col-sm-10">
                <select id="authorities" name="authorities" class="form-control" th:field="*{authorities}">
                    <option value="">无</option>
                    <option value="ROLE_USER,ROLE_UNITY">ROLE_UNITY</option>
                    <option value="ROLE_USER,ROLE_MOBILE">ROLE_MOBILE</option>
                    <option value="ROLE_USER,ROLE_UNITY,ROLE_MOBILE">ROLE_UNITY,ROLE_MOBILE</option>
                </select>

                <p class="help-block">指定客户端所拥有的Spring Security的权限值,可选;
                    若<code>grant_type</code>为<em>implicit</em>或<em>client_credentials</em>则必须选择authorities,
                    因为服务端将根据该字段值的权限来判断是否有权限访问对应的API</p>
            </div>
        </div>

        <div class="form-group">
            <label for="accessTokenValidity" class="col-sm-2 control-label">access_token_validity</label>

            <div class="col-sm-10">
                <input type="number" class="form-control" name="accessTokenValidity" id="accessTokenValidity"
                       placeholder="123" th:field="*{accessTokenValidity}"/>

                <p class="help-block">设定客户端的access_token的有效时间值(单位:秒),可选, 若不设定值则使用默认的有效时间值(60 * 60 * 12, 12小时);
                    若设定则必须是大于0的整数值</p>
            </div>
        </div>

        <div class="form-group">
            <label for="refreshTokenValidity" class="col-sm-2 control-label">refresh_token_validity</label>

            <div class="col-sm-10">
                <input type="number" class="form-control" name="refreshTokenValidity" id="refreshTokenValidity"
                       placeholder="234" th:field="*{refreshTokenValidity}"/>

                <p class="help-block">设定客户端的refresh_token的有效时间值(单位:秒),可选, 若不设定值则使用默认的有效时间值(60 * 60 * 24 * 30,
                    30天);
                    若设定则必须是大于0的整数值</p>
            </div>
        </div>

        <div class="form-group">
            <label for="additionalInformation" class="col-sm-2 control-label">additional_information</label>

            <div class="col-sm-10">
                <input type="text" class="form-control" name="additionalInformation" id="additionalInformation"
                       placeholder="additional_information" th:field="*{additionalInformation}"/>

                <p class="help-block">
                    这是一个预留的字段,可选,但若设置值,必须是JSON格式的数据,如:
                    <code>{"country":"CN","country_code":"086"}</code>
                </p>
            </div>
        </div>

        <div class="form-group">
            <label class="col-sm-2 control-label">trusted</label>

            <div class="col-sm-10">
                <label class="radio-inline">
                    <input type="radio" name="trusted" value="true" th:field="*{trusted}"/> Yes
                </label>
                <label class="radio-inline">
                    <input type="radio" name="trusted" value="false" checked="checked" th:field="*{trusted}"/> No
                </label>

                <p class="help-block">该属性是扩展的,
                    只适用于grant_type(s)包括<code>authorization_code</code>或<code>implicit</code>的情况,当用户登录成功后,若选No,则会跳转到让用户Approve的页面让用户同意授权,
                    若选Yes,则在登录后不需要再让用户Approve同意授权(因为是受信任的)</p>
            </div>
        </div>

        <div class="form-group">
            <div class="col-sm-2"></div>
            <div class="col-sm-10">
                <p th:if="${#fields.hasAnyErrors()}" th:text="${#fields.errors()}"
                   class="alert alert-warning"></p>
            </div>
        </div>


        <div class="form-group">
            <div class="col-sm-2"></div>
            <div class="col-sm-10">
                <button type="submit" class="btn btn-success">保存</button>
                <a href="../list">取消</a>
            </div>
        </div>
    </form>

</div>

<hr/>
<div th:replace="fragment/footer :: footer-oidc"/>
</body>
</html>